[Git][security-tracker-team/security-tracker][master] Update status for CVE-2016-7965
Salvatore Bonaccorso
carnil at debian.org
Thu Sep 20 19:38:22 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
0c5fddd1 by Salvatore Bonaccorso at 2018-09-20T18:36:55Z
Update status for CVE-2016-7965
Upstream considers this not a vulnerability and the issue itself can be
adressed by properly configure dokuwiki as per
https://github.com/splitbrain/dokuwiki/issues/1709 . As such enought to
demote severity to unimportant.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -103096,10 +103096,10 @@ CVE-2016-7966 (Through a malicious URL that contained a quote character it was .
- kcoreaddons 5.26.0-3 (bug #840547)
NOTE: https://www.kde.org/info/security/advisory-20161006-1.txt
CVE-2016-7965 (DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the ...)
- - dokuwiki <unfixed> (bug #844732)
- [jessie] - dokuwiki <no-dsa> (Minor issue)
- [wheezy] - dokuwiki <no-dsa> (Minor issue)
+ - dokuwiki <unfixed> (bug #844732; unimportant)
NOTE: https://github.com/splitbrain/dokuwiki/issues/1709
+ NOTE: Can be adresesd by properly configure dokuwiki as per
+ NOTE: https://github.com/splitbrain/dokuwiki/issues/1709#issuecomment-262337572
CVE-2016-7964 (The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php ...)
- dokuwiki <unfixed> (bug #844731)
[jessie] - dokuwiki <no-dsa> (Minor issue)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0c5fddd187688dcfc0faff169987eb69082e1bb9
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/0c5fddd187688dcfc0faff169987eb69082e1bb9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180920/68793855/attachment.html>
More information about the debian-security-tracker-commits
mailing list